Amendments to the Claims: 

1. (currently amended) A method of communication between a private network (4^ 
and a roaming mobile terminal (4), said private network (4) including a home agent {§) 
for said mobile terminal and a gateway ^SrS) through which said communication passes 
and which provides security protection for said private network the protocols of said 
communication including security association bundles each including a security 
association between said mobile terminal (4) and said gateway (2, 3) for inbound 
communication and another security association for outbound communication, 
charaotor i sod i n that, the method comprising the steps of: 

in response to a handover of communication^ causing an IP address (MN Co @) of 
said mobile terminal ^ to change to a new IP address (MN New Co @), 

said mobile temriinal updates its inbound security association from said gateway ^ 
3) so that it can receive packets sent to it with said new IP address (MN New Co 
@) as destination, 

said mobile terminal (4) sends a first signalling message with said home agent ^ as 
destination in a secure tunnel <20^ to said gateway (2, 3) , 

said first signalling message indicating said new IP address (MN New Co @) in 
secure form to said home agent (5), 

the inbound security association of said gateway (2, 3) from said mobile terminal {4) 
accepts said first signalling message without checking its source address, 

said gateway (2. 3) forwards said first signalling message within said private network 
(4) to said home agent (5), 

said home agent ^ checks the validity of said first signalling message and, if it is 
valid, updates its address data and sends a second signalling message to said 
gateway (2, 3) indicating said new address (MN New Co @), and 

said gateway (2, 3) updates its outbound security association with said mobile 
terminal ^ in response to the new address (MN New Co @) indicated. 



-2- 



2. (currently amended) A method as claimed in claim 1, wherein communication 
between said mobile node and said gateway (2^-3) is in accordance with an IPsec 
protocol specification. 

3. (cun-ently amended) A method as claimed in claim 2, wherein communication 
between said gateway (2, 3) and said mobile temninal {4) is in accordance with an 
Encapsulating Security Payload protocol used in tunnel mode. 

4. (currently amended) A method as claimed in any procoding claim 1, wherein a 
registration reply for said mobile node ^ is included in said second signalling message. 

5. (cancelled). 

6. (cancelled). 

7. (cancelled). 

8. (cancelled). 
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9. (new) A system for communication between a private network and a roaming 
mobile terminal, said private network including a home agent for said mobile terminal 
and a gateway through which said communication passes and which provides security 
protection for said private network, the protocols of said communication including 
security association bundles each Including a security association between said mobile 
terminal and said gateway for inbound communication and another security association 
for outbound communication, the system comprising: 

the mobile terminal, in response to a handover of communication, causes an IP 
address (MN Co @) of said mobile terminal to change to a hew IP address (MN 
New Co @), said mobile tenninal updates its inbound security association from 
said gateway so that it can receive packets sent to it with said new IP address 
(MN New Co @) as destination, and said mobile terminal sends a first signalling 
message with said home agent as destination in a secure tunnel to said gateway, 
said first signalling message indicating said new IP address (MN New Co @) in 
secure form to said home agent, 

the gateway, with the inbound security association of said gateway from said mobile 
terminal, accepts said first signalling message without checking its source 
address, and fonvards said first signalling message within said private network to 
said home agent, 

the home agent checks the validity of said first signalling message and, if it is valid, 
updates its address data and sends a second signalling message to said 
gateway indicating said new address (MN New Co @), and 

the gateway updates its outbound security association with said mobile terminal in 
response to the new address (MN New Co @) indicated. 



10. (new) A system as claimed in claim 9, wherein communication between said 
mobile node and said gateway is in accordance with an IPsec protocol specification. 

11. (new) A system as claimed in claim 10, wherein communication between said 
gateway and said mobile terminal is in accordance with an Encapsulating Security 
Payload protocol used in tunnel mode. 

12. (new) A system as claimed in claim 9, wherein a registration reply for said mobile 
node is included in said second signalling message. 
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